On 07/15/2016 12:11 PM, Mihai Ene wrote: > I have a working ssl_bump > configuration when using direct connections. However, cache_peer and > cache_peer_access have req_header rules which aren't followed in bumped > connections. If Squid has access to [fake or real] request headers, they should be available to ACLs. > In logs, immediately after bumping, I see attempts to read X-My-Header > during cache_peer_access rules, and the header appears to always be > empty and ACLs always evaluate to 0, although the same logs show the > correct, expected X-My-Header later on, when forwarding the request. I can think of two possibilities: 1. When debugging, you are looking at CONNECT transactions (rather than HTTP requests inside bumped CONNECT tunnels) _and_ your CONNECT transactions do not have X-My-Header. 2. It is a bug you should report. If there is an X-My-Header in CONNECT transactions that your Squid receives, see #2. Otherwise, see #1. You can use wireshark or Squid ALL,2 debugging to see CONNECT headers that Squid receives. The above assumes you are not intercepting SSL connections and are not dynamically adding X-My-Header to the received requests. HTH, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
